This article was originally posted by the FTC. See the original article here.
This holiday season (and year-round), gift cards are on scammers’ wish lists. Scammers always have a reason for you to pay them immediately with a gift card. And they often tell you which card to buy and which store to visit. That’s why the FTC is launching a new Stop Gift Card Scams campaign to work with stores and law enforcement to fight these scams. And it’s also why the FTC has taken another look at reporting data to see what’s happening lately.
At ftc.gov/StopGiftCardScams, you can find materials to help people avoid gift card scams. If you’re a retailer (or even if you visit one), you can download, print, and share these materials in your store and community. You’ll find a display rack sign, cashier infographic card, bookmark, and a sticker. Stop Gift Card Scams is also available in Spanish. In fact, the FTC is working with our friends at the U.S. Department of Justice and in local law enforcement to help get the word out nationwide.
This is pressing because the FTC’s data show that, nationwide, gift cards are a top way that people report paying most scammers. People tell the FTC that, since 2018, they’ve paid almost $245 million to scammers, with a median loss of $840. Just today, the FTC released an updated Data Spotlight with some interesting new developments:
Reports suggest eBay is scammers’ current gift card brand of choice. It was Google Play and iTunes, but eBay has claimed the uncoveted top spot.
People most often report using gift cards to pay scammers pretending to be the government, a business, tech support, or a friend or family member in trouble.
People report that scammers tell them to buy gift cards at Walmart, Target, CVS, and Walgreens. And once they have you there, they’ll keep you on the phone as you pay for the gift cards.
Which brings us full circle back to the Stop Gift Card Scams campaign. Read lots more in the Spotlight itself, and find out more about avoiding gift card scams at ftc.gov/giftcards. And if anyone, no matter who it is, tells you to pay with a gift card, that’s a scam. Stop, don’t pay, and then tell the FTC at ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Retailers are already preparing for what they hope will be a successful shopping season. Because of COVID-19, it’s likely that we’ll be going online to look for those perfect buys. With so many deals around and what seem like eternal “Black Friday” sales, it’s important to keep some online shopping tips in mind.
So, if you plan to shop from the comfort of your home instead of heading out in person for those doorbuster deals, first, make sure your home computer has the latest antivirus software updated. This will help protect you from hackers and identity thieves. Read more computer safety tips here.
Check out the seller. Confirm that the seller is legit. Look for reviews about their reputation and customer service, and be sure you can contact the seller if you have a dispute.
Look for coupon codes. Search the store’s name with terms like “coupons,” “discounts,” or “free shipping.”
Pay by credit card. Paying by credit card gives you added protections. Never mail cash or wire money to online sellers. If the seller asks you to pay this way, it could be a scam.
Use secure checkout. Before you enter your credit card information online, check that the website address starts with “https.” The “s” stands for secure. If you don’t see the “s,” don’t enter your information.
Keep records of online transactions until you get the goods, confirm you got what you ordered, and that you’re satisfied you won’t have to return the item.
The OneDrive phishing scam is particularly dangerous because of how insidious it is. A seemingly innocuous email shows up in your Inbox with a subject something like this, “Document for [your name].” In the body of the email you see what looks like a familiar OneDrive notice about an available document that has been shared with you by someone you know. Upon clicking on the link or the folder you are forwarded to a familiar Microsoft 365 sign in box.
You enter your email, which is accepted, and then you enter your password, which fails on the first attempt but succeeds on the second. You may end up at office.com or OneDrive but you don’t have access or you don’t see the shared document. At this point you may become suspicious but it’s too late. They now have your Microsoft 365 email and password. They can get into your email, send spam in your name, see/edit/delete your OneDrive files. If you have administrative privileges they can wreak even more havoc. How can you avoid this scam?
How to Vet Your Email Messages
Every email that appears in your Inbox should be vetted no matter if it’s from a friend or foe (see image below).
Are you expecting this email?
Check the “sender,” not just the name, but also the email address.
Hover over (don’t click) all links. A bubble will appear with the link destination.
Now you’re equipped with all the information you need. If this is not an expected email then do not click on anything and contact the sender to see if they actually sent you this message. If it is expected or typical for the sender still do steps 2 and 3 above. If either do not match then do not click on anything. You may still want to alert the sender so they can check to see if their email has been hacked.
Multifactor authentication would completely prevent this type of attack. When your Microsoft 365 administrator activates multifactor authentication then each time you log into Microsoft 365 you are asked for a verification code via text or call. You might even use the Microsoft Authenticator app. This extra step thwarts scammers. Even if someone were to fall for this scam, and the scammer had their Microsoft 365 email and password, when the scammer tries using their credentials a text, call, or email would go to the real user for verification and that would stop the scammer in their tracks. It would also alert the user that their account has been compromised allowing them to take steps to change their password. I strongly recommend multifactor authentication.
The other usual steps are:
Always keep your Windows OS up-to-date by activating automatic Windows updates.
Keep your antivirus up-to-date and run frequent virus checks.
Never ever give anyone your Microsoft 365 password and change it regularly.
Listen to your gut. If it looks fishy (phishy) then delete it and call or text the sender
Online scams are on a meteoric rise. Diligence will keep you safe. Please be careful!